Privacy Policy

Last Updated: 15 March 2025  |  Effective Date: 15 March 2025

Ginseng Ledger ("we", "us", "our") is committed to protecting the personal data of everyone who interacts with our website and courses. This policy explains what data we collect, how we use it, how long we retain it, and what rights you have under Hong Kong's Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO").

If you have questions about this policy, please write to [email protected].

1. Who We Are

Ginseng Ledger is an educational practice registered in Hong Kong, with offices at 22/F, Jardine House, 1 Connaught Place, Central, Hong Kong. We offer structured courses on healthcare and long-term care financial planning. We do not sell financial or insurance products.

2. What Personal Data We Collect

Data you provide directly

• Name and email address (via our contact and enrolment forms)
• Phone number (optional, provided at your discretion)
• Your message or enquiry content
• Payment details (processed by our third-party payment processor — we do not store card data)

Data collected automatically

• IP address and approximate location (country/city level)
• Browser type and device information
• Pages visited and time spent on site (via analytics cookies, where consented)
• Referral source

3. Legal Basis for Processing

We process your personal data on the following bases:

• Contractual necessity — to process enrolments, deliver course content, and communicate about your participation.
• Legitimate interests — to respond to enquiries, maintain records, and improve our services, where these interests are not overridden by your rights.
• Consent — for optional analytics and marketing cookies, which you may withdraw at any time.
• Legal obligation — where we are required to process data to comply with Hong Kong law.

4. How We Use Your Data

• Responding to your enquiries and messages
• Processing enrolments and delivering course access
• Sending course-related communications (module reminders, schedule updates)
• Administering post-course access (twelve months from completion)
• Improving the website and course content based on aggregated usage data
• Complying with legal obligations

We do not use your data for automated decision-making or profiling. We do not share your data with insurance companies, financial advisers, or product providers.

5. Data Sharing

We share personal data only where necessary:

• Payment processing — our payment processor (Stripe) handles card transactions. Their privacy policy governs that processing.
• Email delivery — course communications are sent via a third-party email platform. Data is processed under a data processing agreement.
• Analytics — where you have consented, aggregated usage data is processed by Google Analytics. No personally identifying data is shared.
• Legal requirements — we will disclose data if required by Hong Kong law or a valid legal order.

We do not sell personal data to any third party.

6. Data Retention

• Enquiry data (non-enrolled): retained for 12 months from receipt, then deleted.
• Enrolment and course records: retained for 7 years for accounting and legal compliance purposes.
• Analytics data: retained in aggregated form for up to 26 months.
• Cookie consent records: retained for 12 months.

7. Cookies

We use essential cookies to operate the site and, with your consent, analytics cookies to understand how visitors use the site. We do not use advertising or tracking cookies. For full details, please see our Cookie Policy.

8. Data Security

We maintain appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, or loss. These include encrypted data transmission (HTTPS), restricted staff access to personal data, and regular review of our data handling practices. In the event of a data breach that poses a risk to individuals, we will notify affected parties and relevant authorities as required by the PDPO.

9. Your Rights Under the PDPO

Under Hong Kong's Personal Data (Privacy) Ordinance, you have the right to:

• Access personal data we hold about you
• Correct inaccurate personal data
• Object to data use for direct marketing (we do not conduct direct marketing)
• Withdraw consent for optional data processing (e.g. analytics cookies) at any time
• Request deletion of data we are not legally required to retain

To exercise any of these rights, contact us at [email protected]. We will respond within 40 days as required under the PDPO. If you are dissatisfied with our response, you may lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD).

10. Third-Party Links

Our site may contain links to external resources. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.

11. Children's Privacy

Our courses are designed for adults aged 40 and above. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that data from a minor has been submitted, we will delete it promptly.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by posting an updated version on this page with a revised effective date. Continued use of our site or services after changes take effect constitutes acceptance of the updated policy.

13. Contact

For any privacy-related questions or requests:
Ginseng Ledger
22/F, Jardine House, 1 Connaught Place, Central, Hong Kong
Email: [email protected]
Phone: +852 2936 7418